Technology Security Manager

JOB TITLE
Technology Security Manager

DEPARTMENT:
Technology

LOCATION:
Stamford Bridge (London) with occasional travel to Cobham (Surrey).

CONTRACT:
Permanent.

JOB FUNCTION:
This position is responsible for leading the strategic and operational direction of Chelsea FC's Information and Cyber Security, reporting into to the Director of Technology.

This role is both strategic and operational: it defines the security vision, embeds governance, and drives risk reduction across the Club's football and commercial operations, while also providing leadership in day-to-day cyber defence.

The postholder will influence senior leadership, ensure compliance with key regulations, and work with internal teams and external partners to build a resilient, future-ready security posture that enables innovation on and off the pitch.

Closing date: 13th November

We encourage you to apply as soon as possible. In the event that we receive a large number of applications, the position may be filled before the listed closing date. To avoid missing out, please submit your application at your earliest convenience.

MAIN RESPONSIBILITIES:

1. Strategic Leadership and Governance:

• Define and evolve Chelsea FC's cybersecurity strategy aligned with Club objectives and industry best practice.
• Lead the development and enforcement of information security policies, standards, and frameworks.
• Drive the Information Security Risk Management programme, reporting on key risks, mitigation, and maturity progress.
• Provide strategic security insights to the Information Security Steering Committee, Director of Technology, COO, CDO, CFO, CEO, etc. - as required.
• Act as subject matter expert and advisor to executives and other business stakeholders on cyber risk, emerging threats, and technology opportunities.

2. Risk and Compliance

• Ensure compliance with all applicable standards and regulations, including PCI DSS, GDPR, and Premier League cybersecurity requirements.
• Oversee periodic independent security maturity assessments and ensure remediation plans are executed.
• Maintain the risk register in collaboration with IT, Risk & Compliance, and business stakeholders.
• Embed security considerations into procurement, contract negotiations, and third-party vendor management.

3. Security Operations

• Provide senior oversight for security operations, ensuring effective monitoring, detection, and response.
• Govern the SOC provider, ensuring SLAs and threat detection capabilities meet the Club's requirements.
• Lead response to significant security incidents, engaging with senior leadership, regulators, law enforcement, and insurers.
• Ensure a robust vulnerability management and penetration testing programme is in place and actioned.
• Oversee endpoint, email, and identity security across the Club's workforce and infrastructure.

4. Secure Technology and Development

• Champion secure design and "security by default" across infrastructure and applications.
• Oversee identity and access management, including MFA, privileged access, and zero trust principles.
• Lead the adoption of SSDLC/DevSecOps practices across the Club's development workflows.
• Partner with Infrastructure and Cloud teams to ensure Azure, GCP, Microsoft 365 and AWS environments are governed and secure.

5. Culture, Awareness and Training

• Develop and deliver the Club's security awareness programme, including phishing simulations, campaigns, and training.
• Provide security briefings and horizon-scanning reports for senior leaders.
• Ensure new employees receive induction training in information security.
• Promote a culture of shared responsibility for security across all functions.

6. Programme and Change Leadership

• Act as security lead on major transformation projects (e.g., CCTV infrastructure upgrade, authentication improvements, data warehouse programmes).
• Embed security into the Technology change management process, ensuring early engagement and risk identification.
• Evaluate and approve new third-party tools and SaaS platforms from a security perspective.

KEY RELATIONSHIPS:

Internal:
Director of Technology, Risk & Compliance, Legal, HR, Technology Infrastructure, Service Desk, Facilities, Football Operations, Marketing & Commercial teams, Physical Security, Matchday Safety, etc.

External:
SOC, Microsoft, Security Vendors, cyber insurers, regulators, and law enforcement (NCSC, Action Fraud), Payment Service Providers, Credit Card Schemes, Cyber Insurer, Premier League

MEASURES OF PERFORMANCE:

• Effective management of IT security risks and incidents.
• Compliance with organisational and regulatory standards.
• Reporting on security.
• Operational efficiency and cost management in line with budgetary goals.
• Successful alignment of security strategy with organisational outcomes.

EXPERIENCE/REQUIREMENTS:

Essential:

• Significant experience in an information security leadership role (e.g. Security Manager) within a complex, high-profile organisation.
• Strong knowledge of: Cloud security (Azure, GCP, Microsoft 365).
• Security operations (EDR, SIEM, SOC workflows).
• Governance and regulatory frameworks (PCI DSS, GDPR, ISO 27001 desirable).
• Demonstrable experience of leading incident response, risk management, and vulnerability management programmes.
• Track record of influencing senior stakeholders and presenting at executive/Board level.
• Proven ability to manage third-party vendors and contracts.

Desirable:

• Information security management qualifications (e.g., CISSP, CISM).
• Knowledge of Enterprise Architecture methodologies (e.g., TOGAF).
• Familiarity with ITIL Service Management practices.

Our commitment to Equality, Diversity and Inclusion:

At Chelsea we recognise that the diversity of our people is one of our greatest strengths and we are taking positive action to ensure our existing colleagues and job applicants can fully be themselves and bring their own unique experiences and perspectives to Chelsea FC. This means giving full and fair consideration to all applicants regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity.

If you need reasonable adjustments made to the recruitment process, please reach out to your recruiter, who will be able to advise and support you.

Chelsea FC is fully committed to ensuring the safety and well-being of all children, young people and adults at risk (vulnerable groups). We therefore require all successful applicants to complete a DBS Check prior to starting employment. Depending on the role, successful applicants may also be required to undergo other child protection screening where appropriate.